REMARKS 

[0002] Applicant respectfully requests reconsideration and allowance of all of the 
claims of the application. Claims 1-16, 47, and 48 are presently pending. Claims 1, 2, 
47, and 48 are amended herein. 

Formal Request for an Interview 

[0003] If the Examiner's reply to this communication is anything other than 
allowance of all pending claims and the only issues that remain are minor or formal 
matters, then I formally request an interview with the Examiner. I encourage the 
Examiner to call me — the undersigned representative for the Applicant — so that we can 
talk about this matter so as to resolve any outstanding issues quickly and efficiently over 
the phone. 

[0004] Please contact me to schedule a date and time for a telephone interview that 
is most convenient for both of us. While email works great for me, I welcome your call 
as well. My contact information may be found on the last page of this response. 

Claim Amendments 

[0005] Without conceding the propriety of the rejections herein and in the interest of 
expediting prosecution, Applicant amends claims 1, 2, 47 and 48 herein. Applicant 
amends claims to clarify claimed features. These amendments are fully supported by the 
Application and are made to expedite prosecution and more quickly identify allowable 
subject matter. Such amendments are merely intended to clarify the claimed features, and 
should not be construed as further limiting the claimed invention in response to the cited 
references. 
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Substantive Matters 



Claim Rejections under § 103 

[0006] Claims 1, 2, 4, 5 and 47 are rejected under 35 U.S.C. § 103(a) purportedly 
for being unpatentable over what is alleged as Applicant's Admitted Prior Art (AAPA) 
and in view of US Patent Application Publication No. 2003/0041267 to Fee ("Fee"). 
Applicant respectfully traverses the rejections. Applicant amends claim 1 solely to 
incorporate subject matter formerly recited in claim 2. Furthermore, in light of the 
amendments presented herein to claim 47, Applicant submits that the rejection to claim 
47 is moot. 

Independent claim 1 

[0007] Independent claim 1 , as amended, incorporates a feature formerly in claim 

2 and recites (in part): 

means, based upon a user identification (ID) for at least one of the first 
and second assemblies of the one or more files, for determining access 
privileges of the first assembly of the one or more files to the second 
assembly of the one or more files. 

[0008] Applicant respectfully submits that at least the above emphasized feature is 
not disclosed in the background of the application or and Fee, whether taken alone or in 
combination. 

[0009] In rejecting claim 2, the Office indicated that "AAPA" teaches wherein the 
identity may be user ID (paragraph 6). Further, Fee teaches user based security policies, 
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such as in paragraphs 37, 55, 58 and 72." (See Office Action 02/26/2009 at page 5). 



Applicant respectfully disagrees. 

[0010] Paragraph 6 of the specification reads (with emphasis added): 

Another example of a host is a server that hosts an object-oriented database, 
where the server has a security model that is user identity based. In 
contrast, the security model for the CLR bases access rights to a 
protected resource on Code Access Security (CAS), not on user 
identity. Managed assemblies registered with the host server are server 
objects from the host's perspective. Access rights for these server objects 
can be defined and limited via security rules defined for individual user 
identities or roles. Host servers therefore must be given a way to allow or 
disallow access from one managed assembly to another based on the host 
server's user identity based access rules. It would be an advance in the 
art to provide a way that allows host servers to allow or disallow access 
from one managed assembly to another (cross-assembly calls) based on 
the host server's user identity based access rules, where such cross- 
assembly calls meet both CAS permission demands as well as user ID 
permissions governing access from one server object to another. 

[0011] Paragraph 6 discusses that the current security model for the Common 
Language Runtime ("CLR"), or Code Access Security ("CAS"), is not based on user 
identity, thus the last sentence of paragraph 6, "[i]t would be an advance in the art to 
provide a way that allows host servers to allow or disallow access from one managed 
assembly to another (cross-assembly calls) based on the host server's user identity 
based access rules, where such cross-assembly calls meet both CAS permission 
demands as well as user ID permissions governing access from one server object to 
another." It is clear from the last sentence that the current CAS permission model does 
not involve user ID permission governing access, and a system combining both security 
models " would be an advance in the art" (with emphasis added). 
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[0012] Applicant further submits that Fee does not disclose, teach or suggest the 
emphasized feature "determining based upon user identification (ID) for at least one of 
the first and second assemblies of the one or more files." 

[0013] The Abstract of Fee states: 

An evidence-based policy manager generates a permission grant set 
for a code assembly received from a resource location. The policy 
manager executes in a computer system (e.g., a Web client or server) 
in combination with the verification module and class loader of the 
run-time environment. The permission grant set generated for a code 
assembly is applied in the run-time call stack to help the system 
determine whether a given system operation by the code assembly is 
authorized. The policy manager may determine a subset of the 
permission grant set based on a subset of the received code assembly's 
evidence, in order to expedite processing of the code assembly. When 
the evidence subset does not yield the desired permission subset, the 
policy manager may then perform an evaluation of all evidence 
received. (Fee, Abstract). 



[0014] According to paragraph [0009] of Fee, 

"evidence associated with the code assembly is evaluated relative to a 
collection of code groups, which is defined in a security policy 
specification. Based on the evidence, the policy manager determines 
the membership of the code assembly in one or more code groups of 
the code group collection. Each code group is associated with a code- 
group permission set. The code-group permission sets for those code 
groups in which the code assembly is deemed a member are used to 
generate a permission grant set for the code assembly. The permission 
grant set is thereafter used in the run-time call stack to determine 
whether a given system operation by the code assembly is authorized 
by the security policy (i.e., whether the permission grant set satisfies 
the permission requirements associated with the system operation)." 
(Fee at paragraph [0009]). 

[0015] Fee in paragraph [0037] further discusses that "a security policy 
specification may define multiple policy levels within a security framework for a given 
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enterprise, machine, user, application, etc. in which the evidence of a given code 
assembly is evaluated." However, Fee does not disclose "determining access privileges 
of the first assembly of the one or more files to the second assembly of the one or more 
files" based on "user identification (ID) for at least one of the first and second assemblies 
of the one or more files" as recited in claim 1 . 

[0016] The Supreme Court in KSR Int'l v. Teleflex Inc. stated that "there must be 
some articulated reasoning with some rational underpinning to support the legal 
conclusion of obviousness." KSR Int'l v. Teleflex Inc., 127 S. Ct. 1727, 1741 (2007) 
(quoting In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006). Desire for a particular solution 
is not sufficient to demonstrate obviousness. The Office has not identified a reason that 
the recitation of the claim would be obvious to try one from another of a finite group of 
interchangeable elements. Initially, the office has failed to make a prima facie showing 
prior to the filing of the instant application that CAS permissions and user ID permissions 
were interchangeable in a CLR environment. Instead, the evidence shows that at the time 
of the application was filed cross-assembly calls meeting both CAS permission demands 
as well as user ID permissions was desired. 

[0017] Thus, independent claim 1, as amended, is respectfully asserted patentable 
over Fee and the background of the instant application. 

Independent claim 47 

[0018] Independent claim 47 is amended to include the feature "determining, based 
upon user identification (ID) for at least one of the first and second assemblies of the one 
or more files, access privileges of the first assembly of the one or more files to the second 
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assembly of the one or more files." Accordingly, independent claim 47, as amended, is 
asserted patentable over Fee for at least the reasons provided with reference to claim 1 . 

[0019] In addition, independent claim 47, as amended, recites (in part): 

a JIT compiler module, based upon a first determination made at the 
second module that it is unknown whether the call from the first assembly 
to the second assembly should be permitted, to perform actions 
comprising: 

inserting a runtime stub into the call; and 

compiling the first assembly and the second assembly in the 
managed code into native code for execution as native code, wherein at 
runtime when the native code of the first assembly and the second 
assembly is executed at the server, the second module of the server is 
configured to make, based upon the user ID for each of the first assembly 
and the second assembly at the runtime, a second determination of 
whether the call by the first assembly to the second assembly shall be 
permitted at the runtime. 

[0020] Applicant respectfully submits that the above emphasized features are not 
disclosed, taught or suggested in the background of the specification — alleged AAPA and 
Fee, whether taken alone or in combination. In particular, none of them teaches or 
suggests "inserting a runtime stub into the calls" and "compiling the first assembly and 
second assembly. . .wherein at runtime..., the second module of the server is configured 
to make, based upon the user ID for each of the first assembly and the second assembly at 
the runtime, a second determination of whether the call by the first assembly to the 
second assembly shall be permitted at the runtime" as recited in amended claim 47. 
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[0021] Accordingly, in addition to the reasons presented with reference to claim 1, 
independent claim 47 is asserted patentable over alleged AAPA and Fee for the above 
additional reasons. 

Dependent claims 2-16 and 48 

[0022] These claims ultimately depend upon one of the independent claims 1 and 
47. As discussed above, each of claims 1 and 47 is patentable over Fee. It is axiomatic 
that any dependent claim which depends from a base claim that is patentable over a 
reference is also patentable over the reference. Additionally, some or all of these claims 
may also be allowable for additional independent reasons. 

Claim Rejections under § 103 over other references 

[0023] Applicant further submits that none of other cited references, e.g., US 
Patent No. 7,266,677 to Bromley et al., US Patent No. 4,430,699 to Segarra et al., US 
Patent Application Publication No. 2004/0059941 to Hardman et al, US Patent No. 
6,076,167 to Borza, and US Patent No. 5,870,588 to Rompaey et al., remedies the 
deficiency of Fee. In fact, none of the other cited references discloses, teaches or 
suggests determining access privileges of the first assembly of the one or more files to the 
second assembly of the one or more files based on "user identification (ID) for at least 
one of the first and second assemblies of the one or more files" as recited in claims 1 and 
47. Furthermore, none of the other cited references discloses, teaches or suggests the 
emphasized features in claim 47. 

[0024] Thus, Applicant respectfully submits herein that the dependent claims, 
which are rejected based on the other cited references, are patentable over those 
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references for at least the reasons provided above with reference to independent claims 1 
and 47. 



Conclusion 

[0025] All pending claims are in condition for allowance. Applicant respectfully 
requests reconsideration and prompt issuance of the application. If any issues remain that 
prevent issuance of this application, the Examiner is urged to contact me before 
issuing a subsequent Action . Please call or email me at your convenience. 

Respectfully Submitted, 

Lee & Hayes, PLLC 
Representatives for Applicant 

/Ningning Xu Reg. No. L0293/ Dated: 2009-05-26 

Ningning Xu ( mngning@jeehayes.com ; (509) 944-4726) 
Registration No. L0293 

Bea Koempel-Thomas (bea@leehayes.com ; (509) 944-4759) 
Registration No. 58,213 
Customer No. 22801 

Telephone: (509) 324-9256 
Facsimile: (509) 323-8979 

www.leehayes.com 
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